CVE-2026-43256 Common Vulnerabilities and Exposures

Upstream information

CVE-2026-43256 at MITRE

Description

In the Linux kernel, the following vulnerability has been resolved:

media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update()

vfe_isr() iterates using MSM_VFE_IMAGE_MASTERS_NUM(7) as the loop
bound and passes the index to vfe_isr_reg_update(). However,
vfe->line[] array is defined with VFE_LINE_NUM_MAX(4):

struct vfe_line line[VFE_LINE_NUM_MAX];

When index is 4, 5, 6, the access to vfe->line[line_id] exceeds
the array bounds and resulting in out-of-bounds memory access.

Fix this by using separate loops for output lines and write masters.

SUSE information

Overall state of this security issue: Does not affect SUSE products

SUSE Bugzilla entry: 1264425 [NEW]

No SUSE Security Announcements cross referenced.

SUSE Timeline for this CVE

CVE page created: Thu May 7 19:29:06 2026
CVE page last modified: Thu May 7 19:29:06 2026